In brief

  • A group of virtual asset companies has released a white paper outlining how its members will share data to comply with the Travel Rule.
  • The Financial Action Task Force's Travel Rule requires financial institutions to share information with one another.
  • The working group's solution will ultimately need to fit with virtual asset companies across the globe.

The US Travel Rule Working Group (USTRWG), a consortium of 25 companies dealing in virtual assets, has published a white paper proposing how its members will comply with the Travel Rule, which lays out more stringent anti-money laundering (AML) and combating the financing of terrorism (CFT) rules.

But the US-centric working group, comprised of US virtual asset service providers (VASPs) like Gemini and Coinbase, may hit roadblocks working with crypto companies from other jurisdictions, which also must comply with the Travel Rule. And it could throw up roadblocks of its own to companies on the outside of its "closed network" solution that don't meet its requirements.

At its most basic, the Travel Rule requires financial institutions to share some information with other financial institutions when money is transmitted so law enforcement can track money laundering and financial crimes.

Specifically, any transfers of at least $3,000 require the originator’s name, account number, address, financial institution, as well as the date and amount sent. They also require the recipient’s name, address, account, and financial institution name.

The Travel Rule’s existence predates the advent of cryptocurrency, but the Financial Crimes Enforcement Network (FinCEN), part of the US Treasury department, as well as the Financial Action Task Force (FATF), an intergovernmental standards organization, have issued guidance over the years explaining how virtual currency businesses could comply with the Travel Rule. 

Last June, the FATF confirmed that, yes, virtual asset service providers (VASPs)—which include exchanges, wallet companies, storage solutions, and Forex brokers—have to comply with AML and CFT rules. It put the onus on member countries for enforcement, but was looking for industry-wide progress by June 2020.

The recently posted white paper no doubt counts as progress, proposing a phased approach. A Phase 1 pilot would establish formal agreements between USTRWG members so as “to create a trusted network for sharing Travel Rule data.” It would also establish a "centralized bulletin board" as a way to look up other VASPs when making transactions. Phase 1.5 will scale up to non-USTRWG members, while Phase 2+ “will continue to support mechanisms for proof of address ownership and expand to cover additional assets and use cases.”

But USTRWG is a “closed network,” meaning “only VASPs who complete the onboarding process and meet established criteria will be approved and granted access to the network.”

Teana Baker-Taylor, the former executive director of membership organization Global Digital Finance (GDF), which supports the USTRWG, told Decrypt that the onboarding process has yet to be formalized but believes it will be done in a way that doesn’t shut out legitimate new entrants. “Ensuring access which enables fair competition and mitigates collusion risk will be paramount,” she said.

To Baker-Taylor, the bigger obstacle seemed to be combining the goals of these US industry leaders with non-US VASPs, which are also beholden to the Travel Rule but lie within different governmental jurisdictions.

“Whilst establishing a pilot solution to ensure effectiveness makes a lot of sense,” she said, "given the global nature of digital asset exchange, and the global VASP compliance requirement of [the Travel Rule], excluding non-U.S. entities may create some interoperability asymmetry across VASP compliance globally.”

That’s John Jefferies’ concern as well. As chief financial analyst at CipherTrace, a cryptocurrency security company focused on tracing illicit transactions, he’s well aware of the US crypto industry’s efforts to come into compliance. CipherTrace released an open-source fix to the Travel Rule in September, 2019.

“The USTRWG's proposed bulletin board approach does not scale globally and lacks a security and privacy model,” he told Decrypt. “It is a good way to show regulators, in this case, FinCEN, that VASPs are taking the Travel Rule requirements seriously. But it is not a scalable global solution.”

Jefferies suggested that USTRWG members should parlay the work they've done here into further progress with the Travel Rule Information Sharing Alliance (TRISA), a global group he co-chairs and which counts some USTRWG companies as members. 

“The USTRWG effort is US-centric, typifying the regional solutions that have emerged to address specific jurisdictional pressures,” he said. “TRISA is a global interoperable alliance and software effort that unifies these local attempts.”

Baker-Taylor has some ideas for getting virtual asset companies across diverse jurisdictions to work together.

“Within the network, members will have access to a VASP 'lookup mechanism' to find counterparty VASP information,” she said. Assuming that information is limited to USTRWG members during Phase 1, she said, “The feature could be bolstered with global VASP information by incorporating additional third-party data sources, such as VASPnet, which is also in pilot.” That would tap the group into registration data from 1,800 VASPs spanning 22 regulators.

Either way, she said, “It’s encouraging to see the industry continue to collaborate to solve these global regulatory challenges.”